December 2, 2023

Cybercriminals are using Facebook ads to distribute malware and hijack users’ social media accounts, researchers have found.

In the so-called malvertising campaign, hackers exploit legitimate online ad distribution tools and insert infected links into ordinary advertisements. To lure users into clicking, the campaign offers “provocative enticements”, in this case lewd photos of young women, according to cybersecurity researchers at Bitdefender.

The researchers report that the campaign is meant to deliver a new version of the NodeStealer malware to victims’ devices. Some of the photos in the ads appear to have been edited or AI-generated.

NodeStealer is a relatively new info-stealer that, among other things, allows threat actors to steal victims’ browser cookies and take over Facebook accounts.

In a previous campaign, researchers observed hackers using NodeStealer to take over Facebook business accounts and steal money from cryptocurrency wallets. Researchers at Facebook parent Meta said they first identified the malware in January.

In the latest campaign described by Bitdefender, cybercriminals used at least 10 compromised business accounts to run and manage ads distributing the malware to regular Facebook users, mainly men in their 40s and older from Europe, Africa and the Caribbean.

Each click on the ad directly downloads the malicious executable file to the victim’s device. The researchers estimated that nearly 100,000 users downloaded the malware in just 10 days.

It’s unclear which hacker group is behind this campaign. The first NodeStealer attacks were attributed to threat actors in Vietnam, who targeted business users via Facebook Messenger.

A NodeStealer variant discovered in the latest campaign is slightly updated, researchers said. It has new features that allow hackers to gain access to additional platforms, such as Gmail and Outlook, and download additional malicious payloads.

Once cybercriminals gain access to users’ browser cookies using the basic features of NodeStealer, they can take over Facebook accounts and access sensitive information, the researchers say.

Then, hackers can change passwords and activate additional security measures on the accounts to completely deny access to the legitimate owner, allowing the cybercriminals to commit fraud.

“Whether stealing money or scamming new victims via hijacked accounts, this type of malicious attack allows cybercrooks to stay under the radar by sneaking past Meta’s security defenses,” the researchers said.

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.